Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-4120 EXPLOITDB text VERIFIED
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
by IBM
CVE-2010-3856 EXPLOITDB text VERIFIED
glibc < 2.11.3 and 2.12.x < 2.12.2 - Privilege Escalation via LD_AUDIT Environment Variable
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
by Tavis Ormandy
CVE-2010-3653 EXPLOITDB text VERIFIED
Adobe Shockwave Player < 11.5.9.615 - Remote Code Execution via Crafted rcsL Chunk
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
by Abysssec
EIP-2026-115810 EXPLOITDB text VERIFIED
Microsoft Windows Mobile 6.1/6.5 - Double-Free Denial of Service
by musashi karak0rsan
EIP-2026-113423 EXPLOITDB text VERIFIED
Wiccle Web Builder 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by Veerendra G.G
EIP-2026-112408 EXPLOITDB text VERIFIED
Squirrelcart PRO 3.0.0 - Blind SQL Injection
by Salvatore Fresta
EIP-2026-110535 EXPLOITDB text VERIFIED
pecio CMS 2.0.5 - 'target' Cross-Site Scripting
by Antu Sanadi
EIP-2026-109444 EXPLOITDB text VERIFIED
Micro CMS 1.0 - 'name' HTML Injection (2)
by SecPod Research
EIP-2026-104072 EXPLOITDB text
Sawmill Enterprise < 8.1.7.3 - Multiple Vulnerabilities
by SEC Consult
CVE-2010-3573 EXPLOITDB text
Oracle Java SE/Jav for Bus <6-5 - Info Disclosure
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
by Roberto Suggi Liverani
CVE-2010-2891 EXPLOITDB text VERIFIED
libsmi 0.4.8 - Buffer Overflow via Long OID String
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
by Core Security
CVE-2010-3514 EXPLOITDB text
Oracle iPlanet Web Server <7.0 - Info Disclosure
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.
by Roberto Suggi Liverani
EIP-2026-115378 EXPLOITDB text VERIFIED
Hanso Converter 1.4.0 - '.ogg' Denial of Service
by anT!-Tr0J4n
CVE-2010-4143 EXPLOITDB text
phpcheckz 1.1.0 - SQL Injection via chart.php id Parameter
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Salvatore Fresta
CVE-2010-4152 EXPLOITDB text VERIFIED
4site CMS < 2.6 - SQL Injection via Catalog Index cat Parameter
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
by High-Tech Bridge SA